RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-18 20:24:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol/cil: Ensure that the class in a classcommon is a kernel class

Browse Source 
Map classes use the same struct as kernel classes, but only the kernel
class uses the pointer to a common class. When resolving a classcommon,
make sure that the class that is found is a kernel class and not a
map class. If not, then return an error.

Found by oss-fuzz (#43209)

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2022-01-13 10:58:48 -05:00
parent f0823bbbb5
commit 86cdb9f119
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libsepol/cil/src/cil_resolve_ast.c
View File

@ -755,6 +755,11 @@ int cil_resolve_classcommon(struct cil_tree_node *current, void *extra_args)
if (rc != SEPOL_OK) {
goto exit;
}
if (NODE(class_datum)->flavor != CIL_CLASS) {
cil_log(CIL_ERR, "Class %s is not a kernel class and cannot be associated with common %s\n", clscom->class_str, clscom->common_str);
rc = SEPOL_ERR;
goto exit;
}
rc = cil_resolve_name(current, clscom->common_str, CIL_SYM_COMMONS, extra_args, &common_datum);
if (rc != SEPOL_OK) {